Lucene search

GoogleOSV:CVE-2019-11358

HistoryApr 20, 2019 - 12:29 a.m.

CVE-2019-11358

2019-04-2000:29:00

Google

osv.dev

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.036 Low

EPSS

Percentile

91.5%

JSON

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

CPENameOperatorVersion
backdropeq7.4
backdropeq7.63
backdropeq2.5.5
backdropeq2.5.1
backdropeq7.32
backdropeq7.36
backdropeq2.5.0
backdropeq1.11.7
backdropeq3.2.3
backdropeq2.5.0_RC1

Name	Operator	Version
backdrop	eq	7.4
backdrop	eq	7.63
backdrop	eq	2.5.5
backdrop	eq	2.5.1
backdrop	eq	7.32
backdrop	eq	7.36
backdrop	eq	2.5.0
backdrop	eq	1.11.7
backdrop	eq	3.2.3
backdrop	eq	2.5.0_RC1

Rows per page:

1-10 of 1171

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html

packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

seclists.org/fulldisclosure/2019/May/10

seclists.org/fulldisclosure/2019/May/11

seclists.org/fulldisclosure/2019/May/13

www.openwall.com/lists/oss-security/2019/06/03/2

www.securityfocus.com/bid/108023

access.redhat.com/errata/RHBA-2019:1570

access.redhat.com/errata/RHSA-2019:1456

access.redhat.com/errata/RHSA-2019:2587

access.redhat.com/errata/RHSA-2019:3023

access.redhat.com/errata/RHSA-2019:3024

backdropcms.org/security/backdrop-sa-core-2019-009

blog.jquery.com/2019/04/10/jquery-3-4-0-released/

github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

github.com/jquery/jquery/pull/4333

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E

lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E

lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E

lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E

lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E

lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E

lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E

lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

lists.debian.org/debian-lts-announce/2019/05/msg00006.html

lists.debian.org/debian-lts-announce/2019/05/msg00029.html

lists.debian.org/debian-lts-announce/2020/02/msg00024.html

lists.debian.org/debian-lts-announce/2023/08/msg00040.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/

seclists.org/bugtraq/2019/Apr/32

seclists.org/bugtraq/2019/Jun/12

seclists.org/bugtraq/2019/May/18

security.netapp.com/advisory/ntap-20190919-0001/

snyk.io/vuln/SNYK-JS-JQUERY-174006

supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1

www.debian.org/security/2019/dsa-4434

www.debian.org/security/2019/dsa-4460

www.drupal.org/sa-core-2019-006

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/

www.synology.com/security/advisory/Synology_SA_19_19

www.tenable.com/security/tns-2019-08

www.tenable.com/security/tns-2020-02

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.036 Low

EPSS

Percentile

91.5%

JSON

CVE-2019-11358

References

Related